| System and method for traversing a firewall with multimedia communication -> Monitor Keywords |
|
|
  System and method for traversing a firewall with multimedia communicationUSPTO Application #: 20070242696Title: System and method for traversing a firewall with multimedia communication Abstract: Systems and methods are disclosed for transporting multiport protocol traffic using a single-port protocol. Multiport protocol traffic from a first endpoint is converted into a single-port protocol for transport across a network. The traffic is sent over a commonly-open port and received at a second endpoint before being dispersed to the appropriate ports of the second endpoint. By converting the traffic to a single-port protocol and choosing which commonly open port to communicate the traffic through, firewalls between each endpoint may be traversed without changing any of their settings. (end of abstract) Agent: Fulbright & Jaworski L.l.p - Dallas, TX, US Inventors: Christopher S. Signaoff, Tom W. Opsahl, Edward M. Riley, Justin S. Signaoff USPTO Applicaton #: 20070242696 - Class: 370469000 (USPTO) Related Patent Categories: Multiplex Communications, Communication Techniques For Information Carried In Plural Channels, Adaptive, Processing Multiple Layer Protocols The Patent Description & Claims data below is from USPTO Patent Application 20070242696. Brief Patent Description - Full Patent Description - Patent Application Claims
TECHNICAL FIELD [0001] The present invention relates, in general, to electronic communications, and, more specifically, to transmitting communication data within a multimedia communication system. BACKGROUND OF THE INVENTION [0002] The Internet may be used for many forms of communication, including voice conversations, video conferencing, development collaboration, and the like. In order for a manufacturers' programs, applications, equipment, and systems to be interoperable with each other, many protocols have been developed to standardize the communication between such systems. These protocols have grown increasingly complex to handle all the types of traffic generated to facilitate communication for video conferencing, voice over Internet Protocol (VoIP), and data over Internet Protocol applications. Two such protocols are H.323 from the International Telecommunication Union--Telecommunication Standardization Sector (ITU-T) and the Session Initiation Protocol (SIP) from the Internet Engineering Task Force (IETF). Both H.323 and SIP typically allow for multimedia communication including voice, video, and data communications in real-time. [0003] In Internet Protocol (IP) communication networks, devices or endpoints on the network are identified by their respective IP address. Applications and programs on the different devices further identify each other using port numbers. A port number is a sixteen bit integer, the value of which falls into one of three ranges: the well-known ports, ranging from 0 through 1023; the registered ports, ranging from 1024 through 49151; and the dynamic and/or private ports, ranging from 49152 through 65535. The well-known ports are reserved for assignment by the Internet Corporation for Assigned Names and Numbers (ICANN) for use by applications that communicate using the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) and generally can only be used by a system/root process or by a program run by a privileged user. The registered ports may be registered for use by companies or other individuals for use by applications that communicate using TCP or UDP. The dynamic or private ports, by definition, cannot be officially registered nor are they assigned. Both the H.323 and SIP standards use multiple, well-known, registered, and/or dynamic ports in order to facilitate such communication. [0004] H.323 and SIP each rely on multiple other protocols, some of which may in turn rely on UDP for sending and receiving multimedia traffic. UDP features minimal overhead compared to other transport protocols (most notably TCP) at the expense of having less reliability. UDP does not provide for guaranteed packet delivery nor data integrity. UDP does offer the highest possible throughput, thus, making it ideally suited for multimedia real-time communications. [0005] Multimedia communications traffic will most likely have to traverse a firewall at some point during transmission, especially over the Internet, regardless to which protocol the traffic conforms. Firewalls are used in modem networks to screen out unwanted or malicious traffic. One of many techniques a firewall may use is packet filtering, wherein the firewall determines whether or not to allow individual packets by analyzing information in the packet header (such as the IP address and port of the source and destination). Thus, various ports or IP addresses may be blocked to minimize the risk of allowing malicious traffic into an important computer network or system. Another more advanced technique is called stateful inspection, wherein in addition to analyzing header information, a firewall keeps track of the status of any connection opened by network devices behind the firewall. Deciding whether or not a packet is dropped in a stateful inspection is based on the tracked status of the connection and information from within the packet header. In practice, firewalls (especially those used by large corporations) generally only allow traffic from the well-known ports, though such firewalls may be specially configured to allow traffic on any port. For multimedia communication systems that use multiple registered and dynamic ports, firewalls (unless specially configured) will generally block the data traffic on these ports between multimedia systems, thus, preventing communication. [0006] Video conferencing endpoints generally use multiple dynamic ports for the transmission of communication data packets and, as such, each port used necessitates opening that port on a firewall. Additionally, different endpoints participating in different conversations use different sets of ports, further increasing the number of ports to be opened on a firewall. Reconfiguring ports on a firewall is a time consuming task that introduces the risk of human error, which may defeat the purpose of the firewall by leaving a network vulnerable to malicious attacks. Furthermore, even though these dynamic ports should be closed after the communication ends, in practice, once a firewall port is open, it remains open because the firewall technicians typically do not expend the additional time resources to close the ports. [0007] Additionally, many video conferencing systems do not support encryption. In such cases the communication between endpoints is not secure and may be intercepted while being transmitted across the Internet. [0008] Existing video conferencing systems such as TANDBERG's BORDER CONTROLLER.TM., a component of TANDBERG.varies.s EXPRESSWAY.TM. firewall traversal solution, requires the use of TANDBERG Gatekeepers or TANDBERG traversal enabled endpoints. While allowing firewall traversal, the EXPRESSWAY.TM. solution still requires user intervention to select and trust a range of ports on a firewall and requires the purchase of TANDBERG equipment to use existing legacy video conference endpoints that are not traversal-enabled. The V2IU.TM. series of products from Polycom, Inc., are Application Level Gateways (ALG) that act as protocol-aware firewalls that automate the selection and trusting of ports, but as such, multiple ports are still used when sending traffic between endpoints with the risk of having such traffic being blocked by a non-protocol-aware firewall. Further, such an ALG does not provide for secure communication. The PATHFINDER.TM. series of products from RadVision, Ltd., provides for firewall traversal via multiplexing to a single port, but still requires opening a port on a firewall. Multiplexing is implemented by taking sections of data from each of the data streams coming through the various ports and placing them alternately into a single stream. Thus, the resulting stream is simply a train of interleaved data bits that are not recognized as any particular communication protocol. At the destination end point, a packet constructor picks each data bit and places it in the appropriate stream on the appropriate port and rebuilds the original stream. [0009] Similar systems have been implemented for voice, VoIP, and data over IP communication systems. Each either relies on a proprietary system or equipment or relies on actually selecting and opening multiple ports in a firewall that could leave the underlying network vulnerable to malicious electronic attacks. BRIEF SUMMARY OF THE INVENTION [0010] The present invention is directed to a system and method for transporting multiport protocol traffic using a single-port protocol that is known to be transmitted on a port that is typically open on standard firewalls. Multiport protocol traffic from a first endpoint is converted in to a single-port protocol for transport across a network. The traffic is then reconverted to the multiport protocol and directed to the appropriate ports at a targeted second endpoint. In being converted into the single-port protocol, the traffic may then traverse a firewall by using a well-known port, such that little or no reconfiguration of the firewall is required. In so doing, the risk of human error leaving a network vulnerable to malicious attacks is reduced. Moreover, instead of creating an unrecognizable data stream, which may still be rejected by more-advanced firewalls, such as through multiplexing, the various embodiments of the present invention actually creates a known, single-port communication protocol. [0011] The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims. The novel features which are believed to be characteristic of the invention, both as to its organization and method of operation, together with further objects and advantages will be better understood from the following description when considered in connection with the accompanying figures. It is to be expressly understood, however, that each of the figures is provided for the purpose of illustration and description only and is not intended as a definition of the limits of the present invention. BRIEF DESCRIPTION OF THE DRAWINGS [0012] For a more complete understanding of the present invention, reference is now made to the following descriptions taken in conjunction with the accompanying drawing, in which: [0013] FIG. 1 is a diagram illustrating the flow of packets in a typical IP communication system; [0014] FIG. 2 is a diagram illustrating an IP communication system configured according to one embodiment of the present invention; [0015] FIG. 3 is a diagram illustrating an IP communication system configured according to another embodiment of the present invention, which includes encryption; [0016] FIG. 4 is a diagram illustrating the handling of packets; and [0017] FIG. 5 is a flowchart showing for an embodiment of the invention, example steps that may be employed to traverse a firewall. DETAILED DESCRIPTION OF THE INVENTION [0018] A variety of protocols require the use of multiport traffic. Whether the traffic is data between applications, voice communications, or video conferencing, whenever multiport traffic is used there is a possibility of some or all of the traffic being blocked by a firewall between two devices that are attempting to communicate. As an example, video conferencing systems, whether they are based on H.323, SIP, or other similar multimedia communication protocols, use multiple ports and multiple protocols in order to enable two-way audio and video communication. The communication protocols specify different types of traffic that may be sent between endpoints which include media traffic (voice, video, and the like) along with the control traffic (camera, connection control, and the like). The media traffic is comprised of data for the images and sound being transmitted between endpoints with the control traffic comprising data used to control the connection between endpoints and the features of the endpoint (e.g., camera direction, zoom, and the like). Due to its higher throughput rate, UDP may typically be utilized for the real-time communication traffic between endpoints. TCP may be utilized for traffic requiring data integrity (e.g., control traffic). As such, video conferencing systems typically make use of both TCP and UDP to transport the multimedia data to enable communication. The ports that are typically used to enable the two-way communication include various ports across the well-known ports, the registered ports, and the dynamic ports. Firewalls are usually set up to block unrequested traffic and/or traffic coming in on dynamic ports. Furthermore, UDP does not provide a mechanism for identifying received traffic as requested traffic. Thus, programs and endpoints that send traffic conforming to UDP are at risk of having that traffic blocked by the remote endpoint's firewall for both being unrequested and being sent on a blocked port. [0019] Referring to FIG. 1, video conference endpoint 10 attempts to send multimedia data to video conference endpoint 15. Multiport packets 100 sent from well-known port 1010, registered port 7030, and dynamic ports 50148-50153 are being transmitted to video conference endpoint 15. Firewall 12 passes all the outgoing traffic (packets 100) on all ports since this traffic has originated from the network inside of firewall 12. The traffic is transmitted across Internet 16 and is received by firewall 13, which is operating in a standard mode. In the standard mode, firewall 13 blocks dynamic ports and unrequested traffic (packets 101), such that only the TCP traffic (packets 102) on well-known port 1010 is received by endpoint 15. Thus, with each endpoint being behind their respective firewalls, neither two-way nor one-way communication can take place. Continue reading... Full patent description for System and method for traversing a firewall with multimedia communication Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this System and method for traversing a firewall with multimedia communication patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like System and method for traversing a firewall with multimedia communication or other areas of interest. ### Previous Patent Application: Ppp terminating equipment, network equipment and method of responding to lcp echo requirement Next Patent Application: Multi-carrier signal transmitting apparatus and multi-carrier signal receiving apparatus Industry Class: Multiplex communications ### FreshPatents.com Support Thank you for viewing the System and method for traversing a firewall with multimedia communication patent info. IP-related news and info Results in 4.69826 seconds Other interesting Feshpatents.com categories: Daimler Chrysler , DirecTV , Exxonmobil Chemical Company , Goodyear , Intel , Kyocera Wireless , |
||
